[go: up one dir, main page]

EP3084595B1 - Memory-preserving reboot - Google Patents

Memory-preserving reboot Download PDF

Info

Publication number
EP3084595B1
EP3084595B1 EP14825543.3A EP14825543A EP3084595B1 EP 3084595 B1 EP3084595 B1 EP 3084595B1 EP 14825543 A EP14825543 A EP 14825543A EP 3084595 B1 EP3084595 B1 EP 3084595B1
Authority
EP
European Patent Office
Prior art keywords
operating system
application
preserved
virtual memory
memory
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
EP14825543.3A
Other languages
German (de)
French (fr)
Other versions
EP3084595A1 (en
Inventor
Mark E. RUSSINOVICH
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Technology Licensing LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Technology Licensing LLC filed Critical Microsoft Technology Licensing LLC
Publication of EP3084595A1 publication Critical patent/EP3084595A1/en
Application granted granted Critical
Publication of EP3084595B1 publication Critical patent/EP3084595B1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • G06F9/4418Suspend and resume; Hibernate and awake
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment
    • G06F8/65Updates
    • G06F8/656Updates while running
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/4401Bootstrapping
    • G06F9/442Shutdown
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45575Starting, stopping, suspending or resuming virtual machine instances

Definitions

  • Rebooting the operating system disrupts the applications running on the system, which must close client connections, commit their state to storage, and shut down. During the restart, those applications must then restore their state, rebuild memory caches, and resume accepting client connections. These disruptions are magnified in a virtualized environment because the reboot affects not only the applications operating on a host partition, but also the applications running on the hosted virtual machines.
  • SLA Service Level Agreement
  • live migration To mitigate the impact of host-caused reboots on virtual machines, most small-scale virtualization platforms have implemented live migration, which enables virtual machines to seamlessly move from one server to another in order to avoid a host's planned reboot.
  • live migration The downsides of live migration are that it adds significant complexity to overall system management, places a burden on networking resources, and extends the time required to apply updates. Rebooting a group of servers requires migrating every virtual machine at least once. And unless an empty server is paired with every one hosting virtual machines that will be migrated, the migration of virtual machines becomes a tile shuffle game and server updating can become a serial operation.
  • Virtual machine suspend-update-resume is an alternative to shutting down virtual machines based on existing virtual machine technology.
  • the host OS suspends virtual machines, saves their state (including RAM and virtual CPU) to disk, restarts the server into the updated host OS, and then resumes the virtual machines.
  • This allows virtual machines to retain their in-memory caches and avoids virtual machine shutdown and restart.
  • the drawback of VM-SUR is that the RAM of all virtual machines hosted on a server must be read and written to local storage as part of the host OS update, during which time the virtual machines are suspended.
  • the save and restore of 100GB of RAM to local storage that has throughput of 100MB/s would take about thirty minutes. That disruption is no better than that caused by a typical shutdown/restart and while virtual machines retain their caches, the downtime would be long enough to cause a visible outage for single-instance virtual machines.
  • US 2012/096252 A1 relates to preparing and preserving a system configuration during a hot upgrade.
  • the method includes storing, to a volatile memory coupled to a processor executing a first operating system kernel, a planned system configuration, tagging the planned system configuration, initiating a boot of the second operating system kernel while preserving in the volatile memory content stored therein, retrieving, following the boot of the second operating system kernel a set of parameters referencing the tagged planned system configuration from the volatile memory, and using the planned system configuration, based on the retrieved set of parameters.
  • US 6 854 054 B1 describes a memory management system including memory that provides persistent storage over a reboot and a memory manager for directly controlling access to the reboot persistent memory.
  • the memory manager processes requests received from one or more applications for storage of a set of data. The request indicates during which type of reboot, cold or warm, the data is to be received and may also indicate a particular state during a reboot in which the data is to be received.
  • the manager responds to a reboot by providing a set of data from the reboot persistent memory to the application during the reboot.
  • the object of the present invention is to reduce application downtime and performance degradation caused by operating system reboots.
  • Embodiments of the invention use operating system support for reboot-persistent memory.
  • the support consists of two mechanisms that both contribute to reducing the impact of reboots.
  • the first mechanism is skipping firmware POST, which can be a significant contributor to reboot time and in physical environments can trigger hardware failures.
  • the second mechanism is enabling applications to preserve specified states in memory across a reboot.
  • MPR Memory-Preserving Reboot
  • systems and methods for preserving virtual memory in a computer system identify a preserved virtual memory allocation wherein preserved virtual memory allocation has been populated with state by an application.
  • the preserved virtual memory allocation may be identified by the application using an API to select reboot-persistent virtual memory.
  • the application is shutdown as part of an OS reboot.
  • the operating system is then rebooted without modifying the preserved virtual memory allocation.
  • physical memory and paging file pages associated with the preserved virtual memory allocation on the computer system are unmodified when the operating system is rebooted.
  • the application is restarted after the operating system has been rebooted.
  • the preserved virtual memory allocations are identified after the application is restarted, such as by checking contents of a memory region or by an API return value.
  • the application is then reconnected to the preserved virtual memory allocation, which allows the application to immediately access the preserved state without having to rebuild new state.
  • the first mechanism is an operating system soft reboot. This mechanism is disclosed in pending U.S. Patent Application No. 14/379,972 for "Virtual Machine-Preserving Host Updates" filed December 4, 2012.
  • the second mechanism includes OS services that enable applications to specify portions of memory that should be preserved intact across a reboot and that allow the application to use the preserved memory after a reboot.
  • reboots cause application downtime.
  • the duration of a reboot outage for an application includes the time required for application shutdown, OS shutdown, firmware POST, OS reboot, and application restart. Even if this downtime can be minimized or even reduced to zero, the applications lose all of the generated, derived, and cached state that is stored only in virtual memory. This causes a second disruption after the application has restarted. It may be possible for an application to quickly regenerate its state after restarting, but many applications require an extended period and many transactions to rebuild the state. If the application state is small relative to the speed of persistent storage, an application can preserve its state by serializing the state to storage during the reboot shutdown and then deserialize the state after restart.
  • FIGURE 1 illustrates. Reboot Impact on Application Performance the impact of an OS reboot on the performance of a database application.
  • a database application runs on a server with a large amount of RAM and relatively slow durable storage. After operating for some time (101), the application has fully populated RAM with its cached database state and achieved optimal performance. Then, an OS update is deployed that requires the server to reboot (or may just require the database application to shut down and restart). In this scenario, there is no point in the database application serializing the cached state because it can recreate the cache state from the source databases. Accordingly, the application commits outstanding transactions and quickly shuts down (102) and clears its cache (103). The OS then shuts down after all of the applications have closed (104). The server firmware reboots (105) before the OS restarts (106).
  • the application may restart (107).
  • the reboot takes some time, during which the clients cannot access the database, and the application starts with no cached data.
  • the application has restart and is running again (108)
  • this rebuilding most accesses will miss the cache and application response will be slow.
  • Only after running again for hours after restart will the application build up the cache again to achieve its pre-reboot performance level
  • MPR Memory-Preserving Reboot
  • OS developers will continue to improve the performance of the OS and applications during shutdown and restart; however, avoiding firmware POST will yield immediate and lasting improvements.
  • Firmware reboot (105) can introduce significant delay into the reboot process, especially for slow bus enumerations. The accompanying hardware reset may push hardware over a failure threshold.
  • VM-PHU introduces a new capability, called Kernel Soft Reboot (KSR), to shut down the OS to a loader stub and then restart updated OS code and configuration, thereby completely skipping firmware POST.
  • KSR Kernel Soft Reboot
  • VM-PHU is designed for image-based OS deployment, so the reboot is performed into a new OS virtual hard disk (VHD). KSR will work for component-based updates, where the loader boots back into the same, updated OS installation.
  • KSR can reduce application downtime during reboot-requiring OS updates, it does not address the loss of application state. Omitting POST enables the preservation of RAM across reboots, which was what motivated the development of KSR in the context of VM-PHU.
  • VM-PHU preserves the physical RAM assigned to virtual machines across host reboots, as illustrated in FIGURES 2A-C .
  • FIGURE 2A illustrates a server 201 hosting one or more virtual machines (VM) 202.
  • Server 201 is running an active host OS 203, which supports virtual machines 202.
  • Active host operating system 203 maintains a current state 204 for each virtual machine.
  • VM-PHU minimizes virtual machine 202 downtime during active host operating system updates by leaving virtual machines 202 intact and suspending them only long enough to restart an updated host operating system.
  • an updated host operating system image (Updated Host OS) 205 has been stored to memory 206.
  • the active host operating system 203 freezes the virtual machines 202 but leaves them resident in RAM on server 201.
  • Active host operating system 203 records the allocations and VM states 204 for virtual machines 202 either to RAM and/or to local storage 206 as VM states 207.
  • Active host operating system 203 shuts down as part of the operating system update and transfers execution to loader 208.
  • loader 208 deletes active host operating system 203 that reads the kernel of updated host operating system 205 into RAM. Additionally, loader 208 passes an invocation from active host operating system 203 to updated host operating system 205 that includes an allocation map for the virtual machines 202 along with instructions to resume the virtual machines 202. Loader 208 transfers execution to the updated host operating system 205 entry point. After updated host operating system 205 initializes, it loads VM states 207 for virtual machines 202 and resumes them. The VM-PHU technique avoids the stress on server 201 caused by hardware resets and, therefore, prolongs the lifetime of server 201.
  • the duration of the outage experienced by hosted virtual machines 202 when the VM-PHU technique is employed is limited to the time taken to shut down the active host operating system 203 and then to load and start the updated host operating system 205.
  • the VM-PHU technique skips firmware POST and avoids virtual machine 202 shut down and restart.
  • Applications running in the virtual machines 202 do not lose their state or caches. If the updated host operating system 205 is loaded fast enough, then the disruption may be short enough that applications running on virtual machines 202 and their respective clients are not aware of the outage. Instead, clients of the virtual machine applications may perceive what appears to be a long network glitch, which all network clients are already designed to handle. If the virtual machine outage is short enough, such as less than thirty seconds, standard load balancer probe timeouts will not trigger thereby keeping the virtual machines 202 in rotation to pick up work as soon as they resume.
  • an OS memory manager can expose an API that will allocate virtual memory that preserved through a reboot.
  • the applications can then selectively manage their state by leveraging preservation support for state that is expensive to regenerate or to persist to storage.
  • MPR Memory-Preserving Reboot
  • FIGURE 3 illustrates the reduced impact of a reboot on the same database application described in FIGURE 1 when the application takes advantage of MPR.
  • the firmware reboot delay is eliminated using the VM-PHU technique, which allows the application to restart faster.
  • the reboot disruption (301) is minimized by preserving the cache memory, which allows the application performance (302) to rapidly return to pre-reboot levels (103).
  • MPR introduces complexity for applications that use it.
  • the applications must ensure that the state they preserve defines a closure. If the preserved state has any references to state that is not preserved (for example, by embedding pointers to data structures that were allocated in memory that was not preserved), then only part of the state will be preserved and the application will likely fail after reboot. Applications that opt-in to using MPR will carry the additional cost of maintaining and testing for the closure of their preserved data.
  • AWE Address Windowing Extensions
  • a second approach is more flexible, but more complex and involves offering applications an API for reboot-persistent virtual memory.
  • a virtual memory-preserving API would take a unique application identifier, for example one assigned by the OS when a process registers with it, as well as an application-selected identifier for each virtual memory region the application wants to preserve. These allocation requests would return a virtual memory pointer just like standard allocation APIs. Applications would interact with the memory the same way and with the same APIs as they use for standard virtual memory.
  • An application would not need to implement special logic on reboot other than to detect, either by API return value or by checking the contents of the memory region that a region was preserved from the previous reboot. For example, initialized virtual memory is zero-filled so a one-byte value at the start of the region is a sufficient flag that a region was preserved. When a region contains preserved contents, an application can immediately access the state stored within it.
  • FIGURES 4A-C illustrate the basic behavior of preserved virtual memory.
  • RAM 401 and paging file 402 have been populated with application 403, OS 404, and Loader 405.
  • Application 403 has made a preserved virtual memory allocation 406 and populated it with state.
  • the application (403) and operating system (404) have shut down to loader stub 405, leaving the physical memory 401 and paging file pages 402 associated with the virtual memory 406 undisturbed.
  • FIGURE 4C application 403' has restarted and been reconnected with preserved memory 406 and its contents by the updated operating system 404'.
  • FIGURE 5 is a flowchart illustrating a method for preserving virtual memory in a computer system according to one embodiment.
  • a preserved virtual memory allocation is identified.
  • the preserved virtual memory allocation has been populated with state by an application.
  • the preserved virtual memory allocation may be identified by the application using an API to select reboot-persistent virtual memory.
  • the application is shutdown.
  • step 503 the operating system on the computer system is rebooted without modifying the preserved virtual memory allocation.
  • physical memory associated with the preserved virtual memory allocation on the computer system may be unmodified when the operating system is rebooted.
  • paging file pages associated with the preserved virtual memory allocation on the computer system may be unmodified when the operating system is rebooted.
  • step 504 the application is then restarted after the operating system has been rebooted.
  • preserved virtual memory allocations are identified after the application is restarted.
  • the preserved virtual memory allocations may be identified by checking contents of a memory region or by an API return value.
  • step 506 the application is reconnected to the preserved virtual memory allocation, which allows the application to immediately access the preserved state without having to rebuild new state.
  • FIGURE 6 is a flowchart illustrating a process or method for updating a host operating system while preserving the virtual machines running on a host server.
  • an updated host operating system is copied to RAM or local storage on the server.
  • the active host operating system freezes the virtual machines currently running on the server.
  • the active host operating system records allocations and states for the virtual machines to RAM or local storage.
  • the active host operating system then shuts itself down and transfers execution to a loader application.
  • step 605 the loader reads the kernel of the updated host operating system into RAM.
  • step 606 the invocation from the active host operating system passes an allocation map for the virtual machines to the updated host operating system along with instructions to resume the virtual machines.
  • step 607 execution is transferred from the loader to updated host operating system entry point.
  • step 608 the updated host operating system is initialized. Finally, in step 609, the updated host operating system loads the states of the virtual machines and resumes the virtual machines.
  • FIGURE 7 illustrates an example of a suitable computing and networking environment 700 on which the examples of FIGURES 1-6 may be implemented.
  • the computing system environment 700 is only one example of a suitable computing environment and is not intended to suggest any limitation as to the scope of use or functionality of the invention.
  • the invention is operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well-known computing systems, environments, and/or configurations that may be suitable for use with the invention include, but are not limited to: personal computers, server computers, multiprocessor systems, microprocessor-based systems, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
  • the invention may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer.
  • program modules include routines, programs, objects, components, data structures, and so forth, which perform particular tasks or implement particular abstract data types.
  • the invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network.
  • program modules may be located in local and/or remote computer storage media including memory storage devices.
  • an exemplary system for implementing various aspects of the invention may include a general purpose computing device in the form of a computer 700.
  • Components may include, but are not limited to, various hardware components, such as processing unit 701, data storage 702, such as a system memory, and system bus 703 that couples various system components including the data storage 702 to the processing unit 701.
  • the system bus 703 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures.
  • such architectures include Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus also known as Mezzanine bus.
  • ISA Industry Standard Architecture
  • MCA Micro Channel Architecture
  • EISA Enhanced ISA
  • VESA Video Electronics Standards Association
  • PCI Peripheral Component Interconnect
  • Computer-readable media 704 may be any available media that can be accessed by the computer 700 and includes both volatile and nonvolatile media, and removable and non-removable media, but excludes propagated signals.
  • Computer-readable media 704 may comprise computer storage media and communication media.
  • Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules or other data.
  • Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can accessed by the computer 700.
  • Communication media typically embodies computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media.
  • modulated data signal means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal.
  • communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of the any of the above may also be included within the scope of computer-readable media.
  • Computer-readable media may be embodied as a computer program product, such as software stored on computer storage media.
  • the data storage or system memory 702 includes computer storage media in the form of volatile and/or nonvolatile memory such as read only memory (ROM) and random access memory (RAM).
  • ROM read only memory
  • RAM random access memory
  • BIOS basic input/output system
  • RAM typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by processing unit 701.
  • data storage 702 holds an operating system, application programs, and other program modules and program data.
  • Data storage 702 may also include other removable/non-removable, volatile/nonvolatile computer storage media.
  • data storage 702 may be a hard disk drive that reads from or writes to non-removable, nonvolatile magnetic media, a magnetic disk drive that reads from or writes to a removable, nonvolatile magnetic disk, and an optical disk drive that reads from or writes to a removable, nonvolatile optical disk such as a CD ROM or other optical media.
  • Other removable/non-removable, volatile/nonvolatile computer storage media that can be used in the exemplary operating environment include, but are not limited to, magnetic tape cassettes, flash memory cards, digital versatile disks, digital video tape, solid state RAM, solid state ROM, and the like.
  • the drives and their associated computer storage media, described above and illustrated in FIGURE 6 provide storage of computer-readable instructions, data structures, program modules and other data for the computer 700.
  • a user may enter commands and information through a user interface 705 or input device.
  • the user input interface 705 may be coupled to the system bus 703, but may be connected by other interface and bus structures.
  • a monitor 706 or other type of display device may also be connected to the system bus 703 via an interface, such as a video interface.
  • the computer 700 may operate in a networked or cloud-computing environment using logical connections 707 to one or more remote devices, such as a remote computer.
  • the remote computer may be a personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the computer 700.
  • the logical connections depicted in FIGURE 6 include one or more local area networks (LAN) and one or more wide area networks (WAN), but may also include other networks.
  • LAN local area networks
  • WAN wide area network
  • Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet.
  • the computer 700 When used in a networked or cloud-computing environment, the computer 700 may be connected to a public or private network through a network interface or adapter 707. In some embodiments, a modem or other means for establishing communications over the network.
  • the modem which may be internal or external, may be connected to the system bus 703 via the network interface 707 or other appropriate mechanism.
  • a wireless networking component such as comprising an interface and antenna may be coupled through a suitable device such as an access point or peer computer to a network.
  • program modules depicted relative to the computer 700, or portions thereof, may be stored in the remote memory storage device. It may be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Stored Programmes (AREA)
  • Techniques For Improving Reliability Of Storages (AREA)
  • Retry When Errors Occur (AREA)

Description

    BACKGROUND
  • Operating system reboots disrupt applications by causing them downtime and by destroying derived and cached states they maintain in virtual memory thereby degrading their performance. Rebooting an operating system involves shutting down the running operating system and immediately starting it. There are several reasons for rebooting an operating system. For example, hardware maintenance and upgrades typically require the operating system to be offline before the hardware can be modified. More frequently, a reboot is required to apply code and configuration updates, and the operating system cannot adopt these updates without restarting.
  • Rebooting the operating system disrupts the applications running on the system, which must close client connections, commit their state to storage, and shut down. During the restart, those applications must then restore their state, rebuild memory caches, and resume accepting client connections. These disruptions are magnified in a virtualized environment because the reboot affects not only the applications operating on a host partition, but also the applications running on the hosted virtual machines.
  • During a reboot, applications running on a virtual machine will be offline during the time required to: shut down the virtual machine, shut down the host, run firmware Power-on Self-Test (POST), startup the host, startup the virtual machine, and startup the application. In some cases, the duration of this outage may be on the order of thirty minutes or more. If a Service Level Agreement (SLA) requires a specific availability for the application, the downtime caused by host operating system reboots will consume at least a portion of the SLA's downtime budget. This will leave less time in the SLA downtime budget for unplanned outages, which are unpredictable in terms of frequency and duration.
  • To mitigate the impact of host-caused reboots on virtual machines, most small-scale virtualization platforms have implemented live migration, which enables virtual machines to seamlessly move from one server to another in order to avoid a host's planned reboot. The downsides of live migration are that it adds significant complexity to overall system management, places a burden on networking resources, and extends the time required to apply updates. Rebooting a group of servers requires migrating every virtual machine at least once. And unless an empty server is paired with every one hosting virtual machines that will be migrated, the migration of virtual machines becomes a tile shuffle game and server updating can become a serial operation.
  • Virtual machine suspend-update-resume (VM-SUR) is an alternative to shutting down virtual machines based on existing virtual machine technology. With this approach, the host OS suspends virtual machines, saves their state (including RAM and virtual CPU) to disk, restarts the server into the updated host OS, and then resumes the virtual machines. This allows virtual machines to retain their in-memory caches and avoids virtual machine shutdown and restart. The drawback of VM-SUR is that the RAM of all virtual machines hosted on a server must be read and written to local storage as part of the host OS update, during which time the virtual machines are suspended. Using approximate numbers that reflect contemporary cloud hardware, the save and restore of 100GB of RAM to local storage that has throughput of 100MB/s would take about thirty minutes. That disruption is no better than that caused by a typical shutdown/restart and while virtual machines retain their caches, the downtime would be long enough to cause a visible outage for single-instance virtual machines.
  • US 2012/096252 A1 relates to preparing and preserving a system configuration during a hot upgrade. The method includes storing, to a volatile memory coupled to a processor executing a first operating system kernel, a planned system configuration, tagging the planned system configuration, initiating a boot of the second operating system kernel while preserving in the volatile memory content stored therein, retrieving, following the boot of the second operating system kernel a set of parameters referencing the tagged planned system configuration from the volatile memory, and using the planned system configuration, based on the retrieved set of parameters.
  • US 6 854 054 B1 describes a memory management system including memory that provides persistent storage over a reboot and a memory manager for directly controlling access to the reboot persistent memory. The memory manager processes requests received from one or more applications for storage of a set of data. The request indicates during which type of reboot, cold or warm, the data is to be received and may also indicate a particular state during a reboot in which the data is to be received. The manager responds to a reboot by providing a set of data from the reboot persistent memory to the application during the reboot.
  • SUMMARY
  • The object of the present invention is to reduce application downtime and performance degradation caused by operating system reboots.
  • This object is solved by the subject matter of the independent claims.
  • Embodiments are defined by the dependent claims.
  • This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter.
  • Embodiments of the invention use operating system support for reboot-persistent memory. The support consists of two mechanisms that both contribute to reducing the impact of reboots. The first mechanism is skipping firmware POST, which can be a significant contributor to reboot time and in physical environments can trigger hardware failures. The second mechanism is enabling applications to preserve specified states in memory across a reboot. Together, these enhancements are referred to herein as Memory-Preserving Reboot (MPR). These mechanisms can dramatically reduce application downtime and performance degradation that is caused by reboots, particularly for database, scientific and other memory-intensive applications. MPR also improves system resource utilization and reduces cost of operations.
  • In an example embodiment, systems and methods for preserving virtual memory in a computer system identify a preserved virtual memory allocation wherein preserved virtual memory allocation has been populated with state by an application. The preserved virtual memory allocation may be identified by the application using an API to select reboot-persistent virtual memory. The application is shutdown as part of an OS reboot. The operating system is then rebooted without modifying the preserved virtual memory allocation. For example, physical memory and paging file pages associated with the preserved virtual memory allocation on the computer system are unmodified when the operating system is rebooted. The application is restarted after the operating system has been rebooted. The preserved virtual memory allocations are identified after the application is restarted, such as by checking contents of a memory region or by an API return value. The application is then reconnected to the preserved virtual memory allocation, which allows the application to immediately access the preserved state without having to rebuild new state.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • To further clarify the above and other advantages and features of embodiments of the present invention, a more particular description of embodiments of the present invention will be rendered by reference to the appended drawings. It is appreciated that these drawings depict only typical embodiments of the invention and are therefore not to be considered limiting of its scope. The invention will be described and explained with additional specificity and detail through the use of the accompanying drawings in which:
    • FIGURE 1 illustrates. Reboot Impact on Application Performance the impact of an OS reboot on the performance of a database application.
    • FIGURES 2A-C illustrate preservation of physical RAM assigned to virtual machines across host reboots.
    • FIGURE 3 illustrates the reduced impact of a reboot when an application takes advantage of Memory-Preserving Reboot.
    • FIGURES 4A-C illustrate the basic behavior of preserved virtual memory.
    • FIGURE 5 is a flowchart illustrating a process or method for updating a host operating system while preserving the virtual machines running on a host server.
    • FIGURE 6 is a flowchart illustrating a process or method for updating a host operating system while preserving the virtual machines running on a host server.
    • FIGURE 7 illustrates an example of a computing and networking environment for updating a host operating system according to one embodiment.
    DETAILED DESCRIPTION
  • To minimize the impact of an operating system ("OS") reboot, two mechanisms are used together to enable applications to preserve state in virtual or physical memory during the reboot. The first mechanism is an operating system soft reboot. This mechanism is disclosed in pending U.S. Patent Application No. 14/379,972 for "Virtual Machine-Preserving Host Updates" filed December 4, 2012. The second mechanism includes OS services that enable applications to specify portions of memory that should be preserved intact across a reboot and that allow the application to use the preserved memory after a reboot.
  • Computers must reboot for a variety of reasons. Some hardware changes necessitate a reset of the physical hardware on which the OS is running. More frequently, OS reboots occur because OS or application updates require restarting execution from an initial state to apply the updates. Typical examples of such updates include updates to core OS components, which may add new functionality or fix security bugs, and configuration changes. In many cases, the complexity required to maintain consistency of an updating component's state, especially while it continues to offer service to dependent components, outweighs the benefits of supporting online updates. Despite the fact that reboots are disruptive to applications and end users, they cannot be eliminated.
  • OS reboots disrupt applications in two key ways. First, reboots cause application downtime. The duration of a reboot outage for an application includes the time required for application shutdown, OS shutdown, firmware POST, OS reboot, and application restart. Even if this downtime can be minimized or even reduced to zero, the applications lose all of the generated, derived, and cached state that is stored only in virtual memory. This causes a second disruption after the application has restarted. It may be possible for an application to quickly regenerate its state after restarting, but many applications require an extended period and many transactions to rebuild the state. If the application state is small relative to the speed of persistent storage, an application can preserve its state by serializing the state to storage during the reboot shutdown and then deserialize the state after restart. When the application state is large relative to the speed of persistent storage, however, the time allowed by the OS for application shutdown may not permit serialization of the state to storage. Even if given enough time, the performance degradation incurred during serialization and subsequent deserialization can be significant and effectively cause an application and its clients to experience negative effects of a reboot for tens of minutes or even hours later.
  • FIGURE 1 illustrates. Reboot Impact on Application Performance the impact of an OS reboot on the performance of a database application. In this example, a database application runs on a server with a large amount of RAM and relatively slow durable storage. After operating for some time (101), the application has fully populated RAM with its cached database state and achieved optimal performance. Then, an OS update is deployed that requires the server to reboot (or may just require the database application to shut down and restart). In this scenario, there is no point in the database application serializing the cached state because it can recreate the cache state from the source databases. Accordingly, the application commits outstanding transactions and quickly shuts down (102) and clears its cache (103). The OS then shuts down after all of the applications have closed (104). The server firmware reboots (105) before the OS restarts (106). Once the OS has restarted, the application may restart (107). The reboot takes some time, during which the clients cannot access the database, and the application starts with no cached data. When the application has restart and is running again (108), it does not know what client accesses will come in the future, and it must rebuild the database cache (109). During this rebuilding, most accesses will miss the cache and application response will be slow. Only after running again for hours after restart will the application build up the cache again to achieve its pre-reboot performance level In some scenarios, it may be possible for an application to quickly regenerate the state after restarting. As a result, the actual duration of the reboot disruption (110) is longer than the time that the application is was offline.
  • When they have to reboot, database and other caching applications lose state that is persisted elsewhere. Scientific and financial computation applications that perform long-running computations and generate large amounts of intermediate state are more impacted than other applications, because in addition to having to re-read potentially large amounts of data, these applications must also redo expensive computations either from the start or at least from a previous checkpoint.
  • Reducing the impact of a reboot on applications requires reducing the duration of the restart outage, but the impact can also be reduced be enabling applications to preserve derived and cached state across reboots. Memory-Preserving Reboot (MPR) may be used to reduce reboot outage and to prolong hardware health by avoiding POST. MPR uses proposed OS services to preserve application state stored in virtual memory across reboots.
  • Avoiding POST
  • OS developers will continue to improve the performance of the OS and applications during shutdown and restart; however, avoiding firmware POST will yield immediate and lasting improvements. Firmware reboot (105) can introduce significant delay into the reboot process, especially for slow bus enumerations. The accompanying hardware reset may push hardware over a failure threshold. VM-PHU introduces a new capability, called Kernel Soft Reboot (KSR), to shut down the OS to a loader stub and then restart updated OS code and configuration, thereby completely skipping firmware POST. VM-PHU is designed for image-based OS deployment, so the reboot is performed into a new OS virtual hard disk (VHD). KSR will work for component-based updates, where the loader boots back into the same, updated OS installation.
  • Preserving Memory across Reboots
  • While KSR can reduce application downtime during reboot-requiring OS updates, it does not address the loss of application state. Omitting POST enables the preservation of RAM across reboots, which was what motivated the development of KSR in the context of VM-PHU. VM-PHU preserves the physical RAM assigned to virtual machines across host reboots, as illustrated in FIGURES 2A-C.
  • FIGURE 2A illustrates a server 201 hosting one or more virtual machines (VM) 202. Server 201 is running an active host OS 203, which supports virtual machines 202. Active host operating system 203 maintains a current state 204 for each virtual machine. VM-PHU minimizes virtual machine 202 downtime during active host operating system updates by leaving virtual machines 202 intact and suspending them only long enough to restart an updated host operating system.
  • In FIGURE 2B, an updated host operating system image (Updated Host OS) 205 has been stored to memory 206. The active host operating system 203 freezes the virtual machines 202 but leaves them resident in RAM on server 201. Active host operating system 203 records the allocations and VM states 204 for virtual machines 202 either to RAM and/or to local storage 206 as VM states 207. Active host operating system 203 shuts down as part of the operating system update and transfers execution to loader 208.
  • In FIGURE 2C, loader 208 deletes active host operating system 203 that reads the kernel of updated host operating system 205 into RAM. Additionally, loader 208 passes an invocation from active host operating system 203 to updated host operating system 205 that includes an allocation map for the virtual machines 202 along with instructions to resume the virtual machines 202. Loader 208 transfers execution to the updated host operating system 205 entry point. After updated host operating system 205 initializes, it loads VM states 207 for virtual machines 202 and resumes them. The VM-PHU technique avoids the stress on server 201 caused by hardware resets and, therefore, prolongs the lifetime of server 201.
  • The duration of the outage experienced by hosted virtual machines 202 when the VM-PHU technique is employed is limited to the time taken to shut down the active host operating system 203 and then to load and start the updated host operating system 205. The VM-PHU technique skips firmware POST and avoids virtual machine 202 shut down and restart. Applications running in the virtual machines 202 do not lose their state or caches. If the updated host operating system 205 is loaded fast enough, then the disruption may be short enough that applications running on virtual machines 202 and their respective clients are not aware of the outage. Instead, clients of the virtual machine applications may perceive what appears to be a long network glitch, which all network clients are already designed to handle. If the virtual machine outage is short enough, such as less than thirty seconds, standard load balancer probe timeouts will not trigger thereby keeping the virtual machines 202 in rotation to pick up work as soon as they resume.
  • Using this same RAM preservation capability, an OS memory manager can expose an API that will allocate virtual memory that preserved through a reboot. The applications can then selectively manage their state by leveraging preservation support for state that is expensive to regenerate or to persist to storage. The combination of POST-skipping and memory preservation defines Memory-Preserving Reboot (MPR).
  • FIGURE 3 illustrates the reduced impact of a reboot on the same database application described in FIGURE 1 when the application takes advantage of MPR. As illustrated in FIGURE 3, the firmware reboot delay is eliminated using the VM-PHU technique, which allows the application to restart faster. Also, the reboot disruption (301) is minimized by preserving the cache memory, which allows the application performance (302) to rapidly return to pre-reboot levels (103).
  • It is noted that MPR introduces complexity for applications that use it. The applications must ensure that the state they preserve defines a closure. If the preserved state has any references to state that is not preserved (for example, by embedding pointers to data structures that were allocated in memory that was not preserved), then only part of the state will be preserved and the application will likely fail after reboot. Applications that opt-in to using MPR will carry the additional cost of maintaining and testing for the closure of their preserved data.
  • Physical and Virtual Memory Preservation
  • There are at least two ways to implement memory-preservation. In one approach using the Windows® OS from Microsoft Corporation, processes can use APIs, called Address Windowing Extensions (AWE), to allocate RAM. These APIs may be enhanced to offer a reboot-preservation mode. However, there are several drawbacks to relying on this API for reboot-preserving functionality. One consideration is that the AWE APIs remove the memory from the OS's management, thereby preventing the OS from using its global view to best decide what data should be stored in RAM versus be paged out to disk. Another consideration is that AWE APIs require an account privilege that is not granted to user accounts by default, thereby requiring a non-standard account configuration. The reason for this is that dedicating fixed physical resources to a specific application can degrade the performance of not only other applications, but the OS itself. Moreover, it is easier for applications to use the abstraction of virtual memory, not physical memory directly.
  • A second approach is more flexible, but more complex and involves offering applications an API for reboot-persistent virtual memory. A virtual memory-preserving API would take a unique application identifier, for example one assigned by the OS when a process registers with it, as well as an application-selected identifier for each virtual memory region the application wants to preserve. These allocation requests would return a virtual memory pointer just like standard allocation APIs. Applications would interact with the memory the same way and with the same APIs as they use for standard virtual memory.
  • An application would not need to implement special logic on reboot other than to detect, either by API return value or by checking the contents of the memory region that a region was preserved from the previous reboot. For example, initialized virtual memory is zero-filled so a one-byte value at the start of the region is a sufficient flag that a region was preserved. When a region contains preserved contents, an application can immediately access the state stored within it.
  • FIGURES 4A-C illustrate the basic behavior of preserved virtual memory. In FIGURE 4A, RAM 401 and paging file 402 have been populated with application 403, OS 404, and Loader 405. Application 403 has made a preserved virtual memory allocation 406 and populated it with state. In FIGURE 4B, the application (403) and operating system (404) have shut down to loader stub 405, leaving the physical memory 401 and paging file pages 402 associated with the virtual memory 406 undisturbed. In FIGURE 4C, application 403' has restarted and been reconnected with preserved memory 406 and its contents by the updated operating system 404'.
  • FIGURE 5 is a flowchart illustrating a method for preserving virtual memory in a computer system according to one embodiment. In step 501, a preserved virtual memory allocation is identified. The preserved virtual memory allocation has been populated with state by an application. The preserved virtual memory allocation may be identified by the application using an API to select reboot-persistent virtual memory. In step 502, the application is shutdown.
  • In step 503, the operating system on the computer system is rebooted without modifying the preserved virtual memory allocation. For example, physical memory associated with the preserved virtual memory allocation on the computer system may be unmodified when the operating system is rebooted. Additionally, paging file pages associated with the preserved virtual memory allocation on the computer system may be unmodified when the operating system is rebooted.
  • In step 504, the application is then restarted after the operating system has been rebooted. In step 505, preserved virtual memory allocations are identified after the application is restarted. The preserved virtual memory allocations may be identified by checking contents of a memory region or by an API return value. In step 506, the application is reconnected to the preserved virtual memory allocation, which allows the application to immediately access the preserved state without having to rebuild new state.
  • FIGURE 6 is a flowchart illustrating a process or method for updating a host operating system while preserving the virtual machines running on a host server. In step 601, an updated host operating system is copied to RAM or local storage on the server. In step 602, the active host operating system freezes the virtual machines currently running on the server. In step 603, the active host operating system records allocations and states for the virtual machines to RAM or local storage. In step 604, the active host operating system then shuts itself down and transfers execution to a loader application.
  • In step 605, the loader reads the kernel of the updated host operating system into RAM. In step 606, the invocation from the active host operating system passes an allocation map for the virtual machines to the updated host operating system along with instructions to resume the virtual machines. In step 607, execution is transferred from the loader to updated host operating system entry point.
  • In step 608, the updated host operating system is initialized. Finally, in step 609, the updated host operating system loads the states of the virtual machines and resumes the virtual machines.
  • FIGURE 7 illustrates an example of a suitable computing and networking environment 700 on which the examples of FIGURES 1-6 may be implemented. The computing system environment 700 is only one example of a suitable computing environment and is not intended to suggest any limitation as to the scope of use or functionality of the invention. The invention is operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well-known computing systems, environments, and/or configurations that may be suitable for use with the invention include, but are not limited to: personal computers, server computers, multiprocessor systems, microprocessor-based systems, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
  • The invention may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, and so forth, which perform particular tasks or implement particular abstract data types. The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in local and/or remote computer storage media including memory storage devices.
  • With reference to FIGURE 7, an exemplary system for implementing various aspects of the invention may include a general purpose computing device in the form of a computer 700. Components may include, but are not limited to, various hardware components, such as processing unit 701, data storage 702, such as a system memory, and system bus 703 that couples various system components including the data storage 702 to the processing unit 701. The system bus 703 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus also known as Mezzanine bus.
  • The computer 700 typically includes a variety of computer-readable media 704. Computer-readable media 704 may be any available media that can be accessed by the computer 700 and includes both volatile and nonvolatile media, and removable and non-removable media, but excludes propagated signals. By way of example, and not limitation, computer-readable media 704 may comprise computer storage media and communication media. Computer storage media includes volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer-readable instructions, data structures, program modules or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can accessed by the computer 700. Communication media typically embodies computer-readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. The term "modulated data signal" means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of the any of the above may also be included within the scope of computer-readable media. Computer-readable media may be embodied as a computer program product, such as software stored on computer storage media.
  • The data storage or system memory 702 includes computer storage media in the form of volatile and/or nonvolatile memory such as read only memory (ROM) and random access memory (RAM). A basic input/output system (BIOS), containing the basic routines that help to transfer information between elements within computer 700, such as during start-up, is typically stored in ROM. RAM typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by processing unit 701. By way of example, and not limitation, data storage 702 holds an operating system, application programs, and other program modules and program data.
  • Data storage 702 may also include other removable/non-removable, volatile/nonvolatile computer storage media. By way of example only, data storage 702 may be a hard disk drive that reads from or writes to non-removable, nonvolatile magnetic media, a magnetic disk drive that reads from or writes to a removable, nonvolatile magnetic disk, and an optical disk drive that reads from or writes to a removable, nonvolatile optical disk such as a CD ROM or other optical media. Other removable/non-removable, volatile/nonvolatile computer storage media that can be used in the exemplary operating environment include, but are not limited to, magnetic tape cassettes, flash memory cards, digital versatile disks, digital video tape, solid state RAM, solid state ROM, and the like. The drives and their associated computer storage media, described above and illustrated in FIGURE 6, provide storage of computer-readable instructions, data structures, program modules and other data for the computer 700.
  • A user may enter commands and information through a user interface 705 or input device. The user input interface 705 may be coupled to the system bus 703, but may be connected by other interface and bus structures. A monitor 706 or other type of display device may also be connected to the system bus 703 via an interface, such as a video interface.
  • The computer 700 may operate in a networked or cloud-computing environment using logical connections 707 to one or more remote devices, such as a remote computer. The remote computer may be a personal computer, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the computer 700. The logical connections depicted in FIGURE 6 include one or more local area networks (LAN) and one or more wide area networks (WAN), but may also include other networks. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet.
  • When used in a networked or cloud-computing environment, the computer 700 may be connected to a public or private network through a network interface or adapter 707. In some embodiments, a modem or other means for establishing communications over the network. The modem, which may be internal or external, may be connected to the system bus 703 via the network interface 707 or other appropriate mechanism. A wireless networking component such as comprising an interface and antenna may be coupled through a suitable device such as an access point or peer computer to a network. In a networked environment, program modules depicted relative to the computer 700, or portions thereof, may be stored in the remote memory storage device. It may be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used.
  • Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims.

Claims (10)

  1. A method of preserving virtual memory in a computer system, comprising:
    identifying (501) a preserved virtual memory allocation that is populated with state by an application, wherein the preserved virtual memory allocation is identified by the application using an API to select reboot-persistent virtual memory;
    shutting down (502) the application, leaving physical memory and paging files associated with the preserved virtual memory allocation undisturbed;
    rebooting (503) an operating system in the computer system without modifying the preserved virtual memory allocation;
    restarting (504) the application after the operating system has been rebooted; and
    reconnecting (506) the application to the preserved virtual memory allocation.
  2. The method of claim 1, wherein rebooting the operating system further comprises:
    receiving (601) a copy of an updated host operating system;
    suspending (602) all virtual machines running on the computer system;
    recording (603) an allocation map and state for each of the virtual machines;
    transferring execution from the active host operating system to a loader;
    shutting down (604) the active host operating system;
    reading (605) a kernel of updated host operating system into RAM via the loader;
    loading (606) the allocation map and state for each of the virtual machines; and
    resuming (609) operation of the virtual machines by the updated host operating system.
  3. The method of claim 1, further comprising:
    leaving the virtual machines resident in RAM when the virtual machines are suspended.
  4. The method of claim 1, wherein physical memory associated with the preserved virtual memory allocation on the computer system is unmodified when the operating system is rebooted.
  5. The method of claim 1, wherein one or more paging file pages associated with the preserved virtual memory allocation on the computer system are unmodified when the operating system is rebooted.
  6. The method of claim 1, further comprising:
    identifying preserved virtual memory allocation after the application is restarted.
  7. The method of claim 1, wherein the preserved virtual memory allocation is identified by checking contents of a memory region.
  8. The method of claim 1, wherein the preserved virtual memory allocation is identified by an API return value.
  9. The method of claim 1, further comprising:
    identifying the preserved virtual memory allocation after the application is restarted by checking contents of a memory region.
  10. A computer system, comprising:
    a processor;
    system memory;
    one or more computer-readable storage media having stored thereon computer-executable instructions that, when executed by the processor, causes the processor to preserve virtual memory during updates to a host operating system, the processor operating to perform the method of one of claims 1 to 9.
EP14825543.3A 2013-12-20 2014-12-18 Memory-preserving reboot Active EP3084595B1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US14/136,890 US9875115B2 (en) 2013-12-20 2013-12-20 Memory-preserving reboot
PCT/US2014/071002 WO2015095427A1 (en) 2013-12-20 2014-12-18 Memory-preserving reboot

Publications (2)

Publication Number Publication Date
EP3084595A1 EP3084595A1 (en) 2016-10-26
EP3084595B1 true EP3084595B1 (en) 2019-08-07

Family

ID=52345555

Family Applications (1)

Application Number Title Priority Date Filing Date
EP14825543.3A Active EP3084595B1 (en) 2013-12-20 2014-12-18 Memory-preserving reboot

Country Status (5)

Country Link
US (1) US9875115B2 (en)
EP (1) EP3084595B1 (en)
CN (1) CN105830020B (en)
BR (1) BR112016013559B1 (en)
WO (1) WO2015095427A1 (en)

Families Citing this family (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8782434B1 (en) 2010-07-15 2014-07-15 The Research Foundation For The State University Of New York System and method for validating program execution at run-time
US9063721B2 (en) 2012-09-14 2015-06-23 The Research Foundation For The State University Of New York Continuous run-time validation of program execution: a practical approach
US9069782B2 (en) 2012-10-01 2015-06-30 The Research Foundation For The State University Of New York System and method for security and privacy aware virtual machine checkpointing
WO2015132941A1 (en) * 2014-03-07 2015-09-11 株式会社日立製作所 Computer
US9478274B1 (en) 2014-05-28 2016-10-25 Emc Corporation Methods and apparatus for multiple memory maps and multiple page caches in tiered memory
US9535844B1 (en) 2014-06-30 2017-01-03 EMC IP Holding Company LLC Prioritization for cache systems
US10235054B1 (en) 2014-12-09 2019-03-19 EMC IP Holding Company LLC System and method utilizing a cache free list and first and second page caches managed as a single cache in an exclusive manner
US10176028B2 (en) * 2015-09-25 2019-01-08 International Business Machines Corporation Upgrading a kernel or kernel module with a configured persistent memory unused by the kernel
US10133868B2 (en) 2016-01-10 2018-11-20 Apple Inc. Switching users and sync bubble for EDU mode
US10192055B2 (en) * 2016-01-10 2019-01-29 Apple Inc. Log in/log out process for EDU mode
WO2017131747A1 (en) * 2016-01-29 2017-08-03 Hewlett Packard Enterprise Development Lp Persistent virtual address spaces
US9779248B1 (en) 2016-03-30 2017-10-03 Microsoft Technology Licensing, Llc Protection of secured boot secrets for operating system reboot
US10318162B2 (en) 2016-09-28 2019-06-11 Amazon Technologies, Inc. Peripheral device providing virtualized non-volatile storage
US11243782B2 (en) 2016-12-14 2022-02-08 Microsoft Technology Licensing, Llc Kernel soft reset using non-volatile RAM
US10552194B2 (en) 2017-10-23 2020-02-04 Microsoft Technology Licensing, Llc Virtualization operations for directly assigned devices
US10725908B2 (en) 2018-08-10 2020-07-28 Microsoft Technology Licensing, Llc. Fast initialization of complex in-memory data structures
US10990374B2 (en) * 2018-09-14 2021-04-27 Microsofttechnology Licensing, Llc Virtual machine update while keeping devices attached to the virtual machine
CN113168331A (en) 2018-12-18 2021-07-23 英特尔公司 Computing method and apparatus with multi-stage/level boot
CN109684133A (en) * 2018-12-20 2019-04-26 林琳 A kind of computer corruption state is restarted automatically method
CN109976906A (en) * 2019-03-08 2019-07-05 上海博达数据通信有限公司 A kind of Memory Allocation management method of Linux system
DE102019203377B3 (en) * 2019-03-13 2020-08-13 Continental Automotive Gmbh Vehicle system, vehicle and method for operating such a vehicle system
US11150890B2 (en) * 2019-09-12 2021-10-19 International Business Machines Corporation File system synchronization-based updating
US11314521B2 (en) 2020-01-27 2022-04-26 Dell Products L.P. System and method for managing component updates
US11237837B2 (en) * 2020-01-27 2022-02-01 Dell Products L.P. System and method for managing devices during reboot
US20220100532A1 (en) * 2020-09-25 2022-03-31 Intel Corporation Technology for transferring iommu ownership to a new version of system software
WO2022061859A1 (en) * 2020-09-28 2022-03-31 Intel Corporation Application restore based on volatile memory storage across system resets
US12124866B2 (en) * 2020-10-28 2024-10-22 Red Hat, Inc. Fast virtual machine resume at host upgrade
US11467850B2 (en) * 2020-11-11 2022-10-11 Micron Technology, Inc. Computing device reboot
US12014186B2 (en) * 2022-03-25 2024-06-18 Sap Se Reducing downtime during operating system patching
CN116107668B (en) * 2023-04-13 2023-08-15 紫光同芯微电子有限公司 Application program running method and system
US20250306774A1 (en) * 2024-03-27 2025-10-02 Dell Products L.P. Reserved persistent random access memory

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4731740A (en) * 1984-06-30 1988-03-15 Kabushiki Kaisha Toshiba Translation lookaside buffer control system in computer or virtual memory control scheme
US5778411A (en) * 1995-05-16 1998-07-07 Symbios, Inc. Method for virtual to physical mapping in a mapped compressed virtual storage subsystem
US6854054B1 (en) 2001-12-06 2005-02-08 Ciena Corporation System and method of memory management for providing data storage across a reboot
US6901298B1 (en) * 2002-09-30 2005-05-31 Rockwell Automation Technologies, Inc. Saving and restoring controller state and context in an open operating system
US7130997B2 (en) 2003-05-29 2006-10-31 International Business Machines Corporation Method of registering a portion of RAM with firmware to preserve the portion during reboot
US7533254B2 (en) 2004-10-29 2009-05-12 Finisar Corporation Volatile memory persistence during warm reboot in an optical transceiver
US7506203B2 (en) 2005-11-10 2009-03-17 International Business Machines Corporation Extracting log and trace buffers in the event of system crashes
US20080005529A1 (en) * 2006-06-30 2008-01-03 Morris Robert P Methods, Systems, and Computer Program Products for Providing Access to Addressable Entities Using a Non-Sequential Virtual Address Space
US20080120480A1 (en) * 2006-11-22 2008-05-22 International Business Machines Corporation Method and System For Preserving Critical Storage Contents Across A System Restart
US20090282396A1 (en) 2008-05-07 2009-11-12 Boyer John M Preserving a state of an application during update
US8151032B2 (en) * 2008-06-26 2012-04-03 Microsoft Corporation Direct memory access filter for virtualized operating systems
US7900090B2 (en) 2009-02-13 2011-03-01 Oracle America, Inc. Systems and methods for memory retention across resets
US8392917B2 (en) * 2009-03-30 2013-03-05 Microsoft Corporation Timer access from user mode through a shared memory page
US8266419B2 (en) * 2009-11-25 2012-09-11 Sprint Communications Company L.P. Fast restart on a virtual machine
US9104619B2 (en) 2010-07-23 2015-08-11 Brocade Communications Systems, Inc. Persisting data across warm boots
US8495351B2 (en) 2010-10-13 2013-07-23 International Business Machines Corporation Preparing and preserving a system configuration during a hot upgrade
US9110762B2 (en) * 2012-12-04 2015-08-18 Microsoft Technology Licensing, Llc Virtual machine-preserving host updates

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
None *

Also Published As

Publication number Publication date
BR112016013559A2 (en) 2017-08-08
EP3084595A1 (en) 2016-10-26
CN105830020A (en) 2016-08-03
US9875115B2 (en) 2018-01-23
BR112016013559B1 (en) 2022-02-22
CN105830020B (en) 2019-03-19
US20150178097A1 (en) 2015-06-25
BR112016013559A8 (en) 2020-05-19
WO2015095427A1 (en) 2015-06-25

Similar Documents

Publication Publication Date Title
EP3084595B1 (en) Memory-preserving reboot
EP2929431B1 (en) Virtual machine-preserving host updates
US10261800B2 (en) Intelligent boot device selection and recovery
US8490088B2 (en) On demand virtual machine image streaming
US10452404B2 (en) Optimized UEFI reboot process
JP5932973B2 (en) Virtual storage disk technology
US9430223B2 (en) Live operating system update mechanisms
JP5649184B2 (en) Method, computer program and system for managing multiple software images by relocation of boot blocks
US9448786B1 (en) Method for updating operating system without memory reset
Kourai et al. Fast software rejuvenation of virtual machine monitors
CN102591675B (en) Method and system for management of multiple software images with shared memory blocks
US9558023B2 (en) Live application mobility from one operating system level to an updated operating system level and applying overlay files to the updated operating system
CN108021378A (en) Upgrade-system, the upgrade method based on virtual machine and device
US8972964B2 (en) Dynamic firmware updating system for use in translated computing environments
US10936446B2 (en) Efficient handling of block write atomicity
Siniavine et al. Seamless kernel updates
WO2024041351A1 (en) Disabling processor facility on new processor generation without breaking binary compatibility
Terada et al. Dwarf: Shortening downtime of reboot-based kernel updates
US12443424B1 (en) Generational management of compute resource pools
US12248801B2 (en) Update of virtual machines using clones
Terada et al. Shortening Downtime of Reboot-Based Kernel Updates Using Dwarf
HK1255177A1 (en) Upgrading system and virtual machine-based upgrading method and device
CN119053949A (en) User-triggered virtual machine cloning to enable recovery/availability/extension
CN120540677A (en) Drive upgrading method and electronic equipment

Legal Events

Date Code Title Description
PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20160607

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAX Request for extension of the european patent (deleted)
REG Reference to a national code

Ref country code: DE

Ref legal event code: R079

Ref document number: 602014051471

Country of ref document: DE

Free format text: PREVIOUS MAIN CLASS: G06F0009445000

Ipc: G06F0009440100

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: GRANT OF PATENT IS INTENDED

RIC1 Information provided on ipc code assigned before grant

Ipc: G06F 9/455 20180101ALI20190213BHEP

Ipc: G06F 8/656 20180101ALI20190213BHEP

Ipc: G06F 9/4401 20180101AFI20190213BHEP

INTG Intention to grant announced

Effective date: 20190312

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE PATENT HAS BEEN GRANTED

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

Ref country code: AT

Ref legal event code: REF

Ref document number: 1164887

Country of ref document: AT

Kind code of ref document: T

Effective date: 20190815

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602014051471

Country of ref document: DE

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: NL

Ref legal event code: FP

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG4D

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191107

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

Ref country code: NO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191107

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

Ref country code: HR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191209

REG Reference to a national code

Ref country code: AT

Ref legal event code: MK05

Ref document number: 1164887

Country of ref document: AT

Kind code of ref document: T

Effective date: 20190807

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191108

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20191207

Ref country code: AL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

Ref country code: RS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20200224

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

Ref country code: SM

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 602014051471

Country of ref document: DE

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

PG2D Information on lapse in contracting state deleted

Ref country code: IS

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

26N No opposition filed

Effective date: 20200603

REG Reference to a national code

Ref country code: BE

Ref legal event code: MM

Effective date: 20191231

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20191218

Ref country code: LU

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20191218

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20191231

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20191231

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20191231

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: HU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO

Effective date: 20141218

Ref country code: MT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20190807

P01 Opt-out of the competence of the unified patent court (upc) registered

Effective date: 20230505

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: NL

Payment date: 20241121

Year of fee payment: 11

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20241121

Year of fee payment: 11

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20241122

Year of fee payment: 11

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20241121

Year of fee payment: 11